Privacy and Security

We are happy when customers talk about us, but we don't talk about our customers!

Privacy Policy of the Steuerbot Website

Protecting your personal data is of utmost importance to us. Therefore, we strictly adhere to legal requirements when collecting and processing your personal data. Below, we provide you with detailed information about the scope and purpose of data collection on our website.

1. Principle of Anonymous Data Usage

The use of our website is generally possible without providing personal data. For the use of specific services on our website, different regulations may apply, which will be separately explained below. The legal basis for data protection can be found in the German Federal Data Protection Act (BDSG) and the Telemedia Act (TMG).

When accessing our website, certain information is transmitted, such as the IP address. Information about the device used (computer, smartphone, tablet, etc.), the browser (Internet Explorer, Safari, Firefox, etc.), the time of access, the so-called referrer, and the amount of data transferred is also collected.

This data cannot be used by us to identify individual users. It is used solely to evaluate the attractiveness of our website and to improve its performance and content, making it even more interesting for you.

However, we point out that, in the case of a static IP address, a personal reference might be possible via a RIPE query. This is something we do not undertake. Nevertheless, this website is accessible to both statically and dynamically assigned IP addresses.

2. Personal Data

The term "personal data" is defined in the German Federal Data Protection Act (BDSG). It refers to individual details about personal or factual circumstances of a specific or identifiable natural person. This includes, for example, your full name, date of birth, address, or telephone number.

3. Collection and Processing of Personal Data

Personal data is only collected by us if you voluntarily provide it, for example, when you register with us or contact us.

We use the personal data you provide solely to the extent necessary to fulfill and process our services.

Any further use of your data, such as for additional services or advertising purposes, will only take place if you have expressly consented to it beforehand. You can revoke your consent at any time with effect for the future.

After the complete fulfillment of the contract, your data will be blocked from further use unless you have expressly consented to its continued use. Upon expiration of the tax and commercial retention periods, this data will be deleted unless you have explicitly agreed to further use.

The following provisions inform you about the type, scope, and purpose of collecting, using, and processing personal data.

4. Contact Options

You can contact us via email for questions, requests, or suggestions. The information you provide in this context will be stored for the purpose of processing your inquiry. Additionally, the data collected in this manner may be matched with data that we may have collected elsewhere, provided you have given your prior consent. You can withdraw this consent at any time with effect for the future. To exercise your right to withdraw, please contact the address provided at the end of this statement.

We also provide a live chat feature on our website, powered by Intercom (Intercom Inc., 55 Second Street, Suite 400, San Francisco, CA 94105, USA), which acts as our data processor. We have entered into a data processing agreement with this service provider under Art. 28(3) sentence 1 GDPR, which complies with European data protection standards. The service provider is also certified under the US-EU Privacy Shield.

The service enables us to communicate with website visitors and answer questions. The legal basis for processing your data is Art. 6(1)(f) GDPR. During the chat session, information such as your location, IP address, browser, and visited pages is displayed to us and stored.

Intercom automatically deletes the IP addresses and geographic data of visitors who have not accessed our website for nine months.

5. Job Applications

You can apply to our company electronically. The information you provide will, of course, be used exclusively for processing your application and will not be shared with third parties. Please note that emails sent without encryption are not protected against unauthorized access during transmission.

6. Cookies

To improve our website and make its use as optimal as possible for you, we use cookies. Cookies are small text files that are stored on your computer when you visit our website, allowing your browser to be recognized again upon return. Cookies store information such as your language preferences, the duration of your visit, or the inputs you make on our website. This prevents the need to re-enter all required data each time you use the site. Additionally, cookies allow us to recognize your preferences and tailor our website to your interests.

7. Newsletter

You have the option to subscribe to our free newsletter. With this newsletter, you will regularly receive the latest news and information. To receive the newsletter, you need a valid email address. We will verify the email address you provide to ensure that you are either the owner of the email address or authorized to receive the newsletter. This verification is done by sending an email to the address you provided, which you then confirm. After confirming the email, you will be subscribed to our newsletter.

You can unsubscribe from our newsletter at any time. Details on how to unsubscribe can be found in the confirmation email and in every newsletter. Once you unsubscribe, your data collected for the purpose of receiving the newsletter will be promptly deleted.

Mailjet

We use Mailjet (SAS Mailjet, 13-13bis, Rue de l’Aubrac – 75012 Paris, France) as our email service provider for sending newsletters. We have entered into a data processing agreement with this service provider in accordance with Art. 28(3) sentence 1 GDPR, ensuring compliance with European data protection standards. The applicable privacy policy of Mailjet can be accessed below.

The email service provider may use your data in a pseudonymized form (i.e., without assigning it to a specific user) to optimize or improve its own services, such as the technical optimization of email delivery and display or for statistical purposes. The service provider exclusively uses this data for processing newsletters on behalf of Steuerbot GmbH and does not use the data to contact you directly or share it with third parties.

8. Data Sharing

Data collected by us will only be shared under the following conditions:

• You have given your explicit consent in accordance with Art. 6(1)(a) GDPR,
• The sharing is necessary under Art. 6(1)(f) GDPR to assert, exercise, or defend legal claims, and there is no reason to assume that you have an overriding interest in the non-disclosure of your data,
• We are legally obligated to share data in accordance with Art. 6(1)(c) GDPR, or
• Sharing is permitted by law and is necessary under Art. 6(1)(b) GDPR for the execution of a contractual relationship or to carry out pre-contractual measures upon your request.

Some of the data processing described in this privacy policy may be carried out by our data processors. In addition to those specifically mentioned in this privacy policy, these may include data centers that store our databases, IT service providers, or those maintaining our systems. If we share data with these service providers, they are only permitted to use it to fulfill their respective tasks. These service providers are carefully selected and engaged by us, contractually bound to our instructions, equipped with appropriate technical and organizational measures to protect the rights of the affected persons, and regularly monitored by us.

Furthermore, data may be shared in connection with government requests, court orders, and legal proceedings if it is necessary for pursuing or enforcing legal claims.

9. Website Optimization Tools

We use various website optimization tools for advertising purposes and to analyze user behavior on our website.

a. Google Analytics

This website uses Google Analytics, a service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). According to an agreement between Google and the Hamburg Commissioner for Data Protection and Freedom of Information, it is possible to use Google Analytics in a data protection-compliant manner under certain conditions.

Please note the following information about the use of Google Analytics:
Google Analytics uses cookies, which are stored on your computer, to analyze your use of the website. The information generated by the cookie about your use of this website is generally transmitted to a Google server in the USA and stored there. By activating IP anonymization on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activities, and provide other services related to website and internet use.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by adjusting your browser software accordingly; however, please note that if you do this, you may not be able to use all the features of this website to their full extent. Additionally, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: tools.google.com/dlpage/gaoptout?hl=en.

Alternatively, you can prevent Google Analytics from collecting your data by clicking the following link. An opt-out cookie will be set to prevent the future collection of your data when visiting this website: Deactivate Google Analytics. The opt-out cookie is only valid for this browser and only for this domain. If you delete your cookies in this browser, you must click this link again.

Further information can be found at google.com/policies/privacy and in Google's privacy policy.

b. Facebook "Visitor Action Pixel"

We use the Facebook "Visitor Action Pixel" provided by Facebook Inc. (1601 S. California Avenue, Palo Alto, CA, 94304, USA) as part of conversion tracking.

A specific tracking code embedded in our website, which can be personalized with certain target indicators, individually evaluates user behavior after clicking on a Facebook ad. It determines whether the user, for example, completes a paid transaction.

Conversion tracking works through a cookie.

With the "Visitor Action Pixel," the data collected externally is likely linked directly to a user profile within the platform. This means the cookie associates the stored user behavior with individual account data.

For more information about the purpose and scope of data collection, further processing, and usage of the data, as well as privacy settings, please refer to Facebook's Privacy Policy.

c. Social Plugins

This website uses social plugins from the providers Facebook, Twitter, and Instagram:

• Facebook (Operator: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA)
• Twitter (Operator: Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA)
• Instagram (Operator: Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA)

These plugins typically collect data from you by default and transmit it to the servers of the respective providers.

To protect your privacy, we have implemented technical measures to ensure that your data cannot be collected by the providers of the respective plugins without your consent. When you visit a page where these plugins are integrated, they remain inactive by default. The plugins are only activated when you click on the respective symbol, thereby giving your consent for your data to be transmitted to the respective provider.

Once activated, the plugins collect personal data such as your IP address and transmit it to the servers of the respective provider, where it is stored. Additionally, activated social plugins place a cookie with a unique identifier on your device when you visit the corresponding page. This enables the providers to create profiles of your usage behavior. This can happen even if you are not a member of the respective social network. If you are a member of the social network and are logged in during your visit to our website, your data and information about your visit to our website can be linked to your profile on the social network.

We have no influence over the extent of the data collected by the respective provider. For detailed information on the scope, type, and purpose of data processing, as well as your rights and options to protect your privacy, please refer to the privacy policies of the respective social network providers. These can be accessed at the following links:

• Facebook: https://facebook.com/policy.php
• Twitter: https://twitter.com/privacy
• Instagram: https://help.instagram.com/155833707900388

10. Security

We implement technical and organizational security measures to protect the data we manage from manipulation, loss, destruction, and unauthorized access by third parties. Our security measures are continuously improved in line with technological developments on the internet. Your data is encrypted using the most common and secure transmission methods available on the internet. Additionally, we use a firewall (security software) to protect internal information from the internet.

All information you provide to us is protected by a secure server. The server's security software, SSL (Secure Socket Layers), encrypts all the information you enter before it is transmitted to us. The information is only decrypted once it reaches our server. If a small padlock appears at the bottom left of our website, you can be sure that the website is secure. This ensures that personal data, such as credit card details, can be safely transmitted via our website.

11. Access and Public Directory

Upon request, we will provide you with written information, in accordance with applicable law, about whether and which personal data we have stored about you. Additionally, you have the right, within the framework of legal provisions, to have your personal data corrected, blocked, or deleted.

12. Responsible Authority

If you have questions regarding the processing of your personal data, you can contact us directly. We are also available to assist with inquiries, requests, or complaints.

Please contact:

Address:
Steuerbot GmbH
Welfenstraße 19
70736 Fellbach

Email: dataprotection@steuerbot.com

Effective date: 07/19/2018

Privacy Policy of the Steuerbot App

Protecting your personal data is of utmost importance to us. Therefore, we strictly adhere to legal regulations when collecting and processing your personal data. Below, we provide detailed information about the scope and purpose of data collection in our apps.

This updated version of the EU General Data Protection Regulation (GDPR) has been effective since May 25, 2018, and:

• Clearly explains what data we collect and how we use it,
• Gives you more control over your data,
• Outlines all details about your rights as a user.

Contact Person

The contact person and responsible authority for processing your personal data when using one of our apps under the EU General Data Protection Regulation (GDPR) is:

Steuerbot GmbH
Welfenstraße 19
70736 Fellbach

Tel.: +49 711 3055 3044
Email: hello@steuerbot.com

For all questions regarding data protection in connection with the use of our apps, you can also contact us at dataprotection@steuerbot.com at any time.

Data We Process

1. Use of the App

To use the full functionality of our app (iOS, Android, Mac, or Web), the following data is collected from your device and automatically transmitted to us during app usage:

• Device name (e.g., "Apple iPhone 8" or "Samsung Galaxy S9")
• Device type (e.g., tablet, phone, or desktop)
• Device ID
• Operating system and version
• API level (Android only)
• Set system language
• General device data, such as language and regional settings
• IP address of the device
• Date and time of usage

In the event of a crash (i.e., when the app terminates unexpectedly due to a software error or stops responding to inputs), the app sends us an error report. This report contains only the aforementioned technical device information as well as details about which section of the app's software code or the last chat message caused the error.

We use usage data and, if applicable, error reports to identify and resolve potential security risks or malfunctions in the app. The legal basis for this data processing is Art. 6(1)(f) GDPR, which permits data processing for the purposes of legitimate interests. Our legitimate interests include ensuring the app's functionality, identifying and resolving errors, and the early detection and prevention of cyberattacks.

2. Creation of a Customer Profile

To use Steuerbot, registration is required. This occurs after selecting the option "I am new here" in response to the first question. During the initial setup, your first name, last name, and email address will be requested. The data you provide during registration will be processed to create and manage your customer profile, contact you if necessary, and enable you to use Steuerbot's services. Your first and last name will be used for personalized communication within the chat and to prefill this information in your tax return. The legal basis for processing is Art. 6(1)(b) GDPR.

At the end of the initial setup, you will be asked to review the Terms and Conditions and this Privacy Policy. By clicking the confirmation button, you also consent to the following statement:

I consent to Steuerbot collecting and processing sensitive, tax-relevant data, such as information about religion, health, and union membership, to provide Steuerbot's tax service. I can revoke this consent at any time with future effect, though Steuerbot may no longer function fully.

To complete the registration process, a confirmation link will be sent to the email address you provided. Once you open the confirmation link, your account will be successfully verified, and registration will be complete. You will then be redirected to our website, where you can set a password for your profile.

Please note that we use Google Inc. as part of our infrastructure. We ensure adherence to the highest technical security standards and store all data primarily in Germany (see Our Data Processors). However, for technical reasons, infrastructure maintenance may occasionally be carried out from the USA. Since we process sensitive data, we strive for the highest transparency in this regard.

The data collected during registration is used to create the customer account and prepare for the contractual relationship. The legal basis for this data processing is Art. 6(1)(b) GDPR.

3. Data for Creating a Tax Return

After registration, we collect and store additional data needed to create your tax return during the chat process. We explicitly point out that this may include sensitive data such as racial or ethnic origin, political opinions, religious or philosophical beliefs, union membership, health, marital status, and sexual orientation. We aim to ask only questions relevant to your tax case. The legal basis for processing this data is your consent, as per Art. 6(1)(b) GDPR in conjunction with Art. 9(2)(a) GDPR. Collecting this data is necessary to create a correct tax return that we can submit to the tax office on your behalf.

This data is also necessary to accurately predict your tax refund. For example, we need to ask whether you have paid church tax and which religious group you belong to. You should provide information about disabilities or medical treatments since the associated costs may reduce your taxable income. Similarly, union membership contributions are queried as they count as deductible expenses under work-related costs. Collecting such data is essential to fulfill the contractual purpose of our service.

Examples of personal data include:

• Personal identification and contact details: first name, last name, address, date and place of birth, tax number, identification number, email address, and phone number.
• Information required for tax assessment and collection, such as:
  • Income (e.g., salary, business income, capital gains)
  • Expenses (e.g., work-related costs, special expenses, extraordinary burdens)
  • Taxes withheld by third parties (e.g., income tax, solidarity surcharge, church tax)
  • Marital status and children
  • Tax class
  • Occupation
  • Bank details
  • …

4. Use of Mapping Services

Our app uses the "Google Maps" mapping service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google") for address-related information (e.g., residential address, primary workplace, business address, etc.). To integrate and display the map material in our app, the Steuerbot app must connect to a Google server, which may be located in the USA, when the map function is used. If personal data is transferred to the USA, Google is committed to the EU-US Privacy Shield. Google will thereby receive information that our app is being accessed using your device's IP address. This data processing is necessary for the app's functionality. The legal basis for this processing is Art. 6(1)(b) GDPR. If you choose not to provide this data, the app may not function as intended.

5. Submission of the Tax Return

Once you have completed all required information, our app will guide you through the submission process. After confirming the preview in Step 1 of 3, your completed tax return can be submitted to the tax office in Step 2 of 3. Submission to the tax office occurs only upon the explicit request of the user and after prior confirmation. Upon consent, all information entered in the tax return will be transmitted to the appropriate tax office.

We use the ELSTER interfaces of the tax administration for submission. The data transmission is partially automated as part of the ELSTER procedure. The data is initially sent as a pre-announcement to the tax office. Subsequently, we provide you with the key information in a condensed PDF format for download and via email. This document must be signed and sent by post to the relevant tax office. The tax return is considered fully submitted once it is sent by post.

Since data transmission is associated with the data protection obligations of the tax authorities, we are required to inform you about data processing through ELSTER:

This software processes personal data under Art. 4(1) GDPR and Art. 9(1) GDPR for the purpose of tax processing. In addition to the data required for tax assessment, the software collects data about the user's operating system and transmits it to the tax administration. This data is necessary to ensure proper processing and prevent errors in the processing workflow. Data usage occurs under Art. 6(1)(e) GDPR in conjunction with Art. 6(3)(b) GDPR and corresponding federal or state tax laws by the tax administration, solely for the stated purpose.

The tax administration also provides general information regarding compliance with data protection provisions under Articles 12 to 14 of the GDPR, which you should review. You can access this document here.

We store the information in your tax return to simplify future submissions. Tax-related information and documents are stored exclusively on servers in Europe. This data is used to provide Steuerbot services and fulfill the related contract. The legal basis for this data processing is Art. 6(1)(b) GDPR.

6. Retrieval of the Electronic Tax Assessment

To continuously improve our services, we retrieve your electronic tax assessment from the ELSTER portal. This data is treated with strict confidentiality and is not shared with third parties. This allows us to compare the tax calculations displayed to you as a forecast with the actual calculations by the tax office, enabling further improvement of our services. The legal basis for retrieving the electronic tax assessment is Art. 6(1)(f) GDPR, based on our legitimate interest in optimizing Steuerbot.

7. Support

If you contact us via one of the available options, we will use the data you provide to process your request. The legal basis for this is our legitimate interest in responding to your inquiry, as per Art. 6(1)(f) GDPR. If the request is related to the conclusion or execution of a contract, an additional legal basis for processing is Art. 6(1)(b) GDPR.

What Permissions Do We Require?

Below, we explain the permissions the app may request and the types of functions these permissions enable across different operating systems.

To use the Steuerbot service, the app must access specific services and data on your mobile device. At the start of app usage, we will request your permission via a pop-up to access certain specified services and data.

Accessing and processing this data through our app is necessary to fulfill the contract agreed with you for using our service. The data collected by our app is processed exclusively for this purpose and only to the extent necessary. The legal basis for this data processing is Art. 6(1)(b) GDPR.

If you choose not to provide the data as described below, you can deny the app access when permissions are requested or later through your device’s settings. However, please note that this may result in the app not functioning as intended.

1. iOS

Currently, no permissions are required to use the app on iOS.

2. Android

Network Access

This permission is requested during app installation to enable data exchange over an active internet connection (Wi-Fi or mobile data). It is required to transmit your input to our servers and maintain the chat conversation.

Data Access

This permission is required to allow the app to store the draft of your condensed tax return and the completed tax return as a PDF on your device's internal or external storage.

3. Mac

Network Access

This permission is requested during app installation to enable data exchange over an active internet connection. It is necessary to transmit your input to our servers and maintain the chat conversation.

Data Access

This permission is required to allow the app to save the draft of your condensed tax return and the completed tax return as a PDF on your device's storage.

Our Data Processors

1. Email and Support

Mailjet

We use the email service provider Mailjet (SAS Mailjet, 13-13bis, Rue de l’Aubrac – 75012 Paris, France) to send our system emails and newsletters. We have entered into a data processing agreement with Mailjet in accordance with Art. 28(3)(1) GDPR, ensuring compliance with European data protection standards. Mailjet’s applicable privacy policy can be accessed at the link below.

Mailjet may use your data in pseudonymized form (i.e., without assigning it to a specific user) to optimize or improve its own services, such as enhancing email delivery, improving the display of newsletters, or for statistical purposes. However, Mailjet processes this data exclusively on behalf of Steuerbot GmbH and does not use it to contact you directly or share it with third parties.

Processing location: France – Privacy Policy

Jitbit

Support requests are processed through a dedicated support system (Jitbit), which is managed internally and hosted on servers by the specified providers. All inquiries are automatically recorded in this system and processed by our support team. In addition to the content of support requests and conversation details, metadata such as timestamps, previous contact history, processing times, status information, tags or ticket categorization, priority information, and similar details may also be collected.

Our support system handles both manually received emails in our support inboxes and support inquiries submitted via the form used within the online tax return process.

2. Usage Analysis

Sentry

We use the Sentry service (Sentry, 1501 Mariposa St #408, San Francisco, CA 94107, USA) to improve the technical stability of our service by monitoring system performance and identifying code errors. Sentry is solely used for these purposes and does not evaluate any data for advertising purposes. User data, such as device details, error timestamps, or the last message, is collected anonymously, not linked to individuals, and deleted afterward. More information can be found in Sentry's privacy policy linked below. We have entered into a data processing agreement with this service provider in accordance with Art. 28(3)(1) GDPR, ensuring compliance with European data protection standards. The service provider is certified under the EU-US Privacy Shield.

Processing location: USA – Privacy Policy

3. Hosting and Backend Infrastructure

Amazon Web Services

We use Amazon Web Services, Inc. (410 Terry Avenue North, Seattle WA 98109, USA, "AWS") to host our app. Data is encrypted and stored within AWS cloud hosting services. This data is stored anonymously, preventing direct identification of individuals. Data storage occurs exclusively on servers within the EU. In cases where personal data is transmitted to the USA, Amazon/AWS adheres to the EU-US Privacy Shield. We have a data processing agreement with this provider under Art. 28(3)(1) GDPR, ensuring compliance with European data protection standards. The use of AWS services is based on legitimate interests (Art. 6(1)(f) GDPR). These interests include the secure and efficient delivery and optimization of our offerings. Privacy Policy

4. Payment

GoCardless

Our app offers direct debit as a payment method. During this process, order, payment, and address data are collected. Order data is shared with our external payment provider GoCardless Ltd. (Sutton Yard, 65 Goswell Road, London, EC1V 7EN, UK, "GoCardless"). The legal basis for processing personal data during the payment process is the concluded usage agreement (Art. 6(1)(b) GDPR). Data is retained for 10 years under statutory retention obligations and shared with our parent company (Haufe-Lexware GmbH & Co. KG, Munzinger Straße 9, 79111 Freiburg) for accounting purposes.

Data Sharing

Data collected by us is only shared if:

• You have given explicit consent under Art. 6(1)(a) GDPR,
• Sharing is necessary under Art. 6(1)(f) GDPR to assert, exercise, or defend legal claims, and there is no reason to assume you have an overriding interest in non-disclosure,
• We are legally obligated to share data under Art. 6(1)(c) GDPR, or
• Sharing is legally permissible and necessary under Art. 6(1)(b) GDPR for the execution of a contractual relationship or to carry out pre-contractual measures requested by you.

Some of the data processing described in this privacy policy may be carried out by our processors. In addition to those specifically mentioned, these may include data centers storing our databases or IT service providers maintaining our systems. If we share data with these providers, they are only permitted to use it to fulfill their respective tasks. These service providers are carefully selected and engaged by us, contractually bound to our instructions, equipped with appropriate technical and organizational measures to protect the rights of affected persons, and regularly monitored by us.

Additionally, data may be shared in response to official requests, court orders, or legal proceedings if necessary for pursuing or enforcing legal claims.

How Long Do We Retain Your Data?

We delete the data you provide to us as soon as your customer account is deleted, we no longer need the data to fulfill the contract, and any warranty or limitation periods related to the contract have expired. If we are required to retain data for a longer period due to legal retention obligations, we will delete the data upon the expiration of these obligations.

The data you enter for your tax return will be stored for the duration of your registration, allowing you to pause and resume your tax return entry at your convenience.

The data stored in your customer profile will be deleted when you request the deletion of your profile. If we are legally obligated (e.g., for accounting purposes) or legally entitled (e.g., due to an ongoing legal dispute with the account holder) to retain data for a longer period, it will be deleted after the retention obligation or legal entitlement expires.

Submitted tax returns are stored by us in accordance with the Retention Obligations of the Fiscal Code of Germany for six years and then anonymized. Unsubmitted tax returns are anonymized as soon as the opportunity to file them has expired. Generally, this occurs after four years (at the end of the calendar year), as the right to file a voluntary tax return typically lapses by then.

Data Security

We maintain up-to-date technical measures to ensure data security, particularly to protect your personal data from risks during data transmission and unauthorized access by third parties. These measures are continually adjusted to align with the latest technological standards.

ELSTER Rich Client (ERiC)

Privacy Notice of the Tax Administration

This software processes personal data in accordance with Art. 4(1) GDPR and Art. 9(1) GDPR for the purpose of tax processing. In addition to the data required for tax assessment, the software collects information about the user's operating system and transmits it to the tax administration. This data is necessary to ensure proper processing and to prevent errors in the processing workflow. Data usage is carried out under Art. 6(1)(e) in conjunction with Art. 6(3)(b) GDPR and federal or state tax laws by the tax administration solely for the stated purpose.

For general information about the implementation of data protection regulations under Articles 12 to 14 of the GDPR in tax administration, refer here.

Your Rights

1. Exercising Your Rights: To exercise your rights under Sections 7.2 to 7.8, send an email or postal request to the provided contact address.
2. Right to Withdraw Consent: You can withdraw your consent for processing at any time with future effect, in cases where consent is required for processing. The legality of data processing based on consent before its withdrawal remains unaffected. In certain cases, we may continue to process your data after withdrawal if another legal basis exists or if the withdrawal is limited to specific processing activities.
3. Right to Access: Under Art. 15 GDPR, you have the right to request confirmation from us about whether personal data concerning you is being processed. If so, you have the right to access this personal data and additional information as outlined in Art. 15 GDPR.
4. Right to Rectification: Under Art. 16 GDPR, you have the right to request the correction of inaccurate personal data concerning you without undue delay. Considering the purposes of processing, you also have the right to request the completion of incomplete personal data, including through a supplementary statement.
5. Right to Deletion: You have the right to request the deletion of personal data concerning you without undue delay. We are obligated to delete such data promptly if the conditions specified in Art. 17 GDPR are met. For details, refer to Art. 17 GDPR.
6. Right to Restrict Processing: Under Art. 18 GDPR, you have the right to request the restriction of your personal data's processing under certain circumstances.
7. Right to Data Portability: Under Art. 20 GDPR, you have the right to receive personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance, provided the processing is based on consent under Art. 6(1)(a) or Art. 9(2)(a) GDPR or on a contract under Art. 6(1)(b) GDPR, and the processing is carried out using automated means.
8. Right to Object: You have the right to object at any time, for reasons related to your particular situation, to the processing of your data. For newsletters, this leads to simple removal from the mailing list. For other cases, particularly those related to user accounts or tax returns, your data will be deleted upon request.
9. Right to Lodge a Complaint: You have the right to lodge a complaint with your local supervisory authority if you believe that data processing violates applicable law.

Right to Withdraw Consent and Object

Under Art. 7(2) GDPR, you have the right to withdraw any previously given consent at any time. This means we will no longer process your data based on that consent for future purposes. Withdrawal does not affect the legality of processing carried out based on consent before withdrawal.

Where we process your data based on legitimate interests under Art. 6(1)(f) GDPR, you have the right under Art. 21 GDPR to object to this processing. You must provide reasons related to your specific situation, explaining why your interests outweigh our legitimate interests. For objections related to direct marketing purposes, you have a general right to object without providing specific reasons, and we will honor your request.

If you wish to exercise your right to withdraw consent or object to data processing, a simple notification to the above-mentioned contact address is sufficient.

Additional Information

Individuals under the age of 18 should not transmit personal data without the consent of their parents or legal guardians.

Changes to the Privacy Policy

1. General Provisions: Steuerbot reserves the right to update or amend this Privacy Policy at any time.
2. Significant Changes: If significant changes are made, we will notify you directly through our products or via other means (e.g., email), providing you the opportunity to review the changes before they take effect. Significant changes may include new tracking technologies, profiling, or analysis services. If your consent is required for the changes, we will obtain it before they take effect. If you object to any changes, you may need to close your account, as it might no longer function properly.
3. Last Update: This Privacy Policy was last updated on June 30, 2020.